Simplified configuration process for .NET data flow analysis

AppScan on Cloud offers a new way to generate an .irx file for scanning .NET applications, using dataflow analysis for .NET source code (C# and VB.NET),

Previously, when ASoC encountered a Visual Studio solution file (.sln file), it built the solution and project(s) to generate the .NET assemblies (.dll and .exe files), then processed those .NET assemblies to produce the .irx file that was submitted for analysis.

With this improved functionality, ASoC processes the Visual Studio source code directly to produce the .irx file to be analyzed. This results in:

  • Faster .irx generation.
  • Systems flexibility: availability of the build environment to compile the source code into .NET assemblies is not required.
  • Source to Sink dataflow results for source code.
  • Cross-platform .NET support.

All C# (.cs) and VB.NET (.vb) source files are processed during the generation of the .irx file. After the .irx is analyzed in AppScan on Cloud, results showing Source to Sink traces are available in scan results.

If you prefer the previous approach, disable this functionality in one of two ways:
  • Add a parameter to the appscan prepare command when using the Static Analyzer Command Line Utility:
    appscan.bat prepare -DNewDotNetEngine="false"
  • Specify an attribute in appscan-config.xml:
    In the Configuration element:
    <Configuration NewDotNetEngine="false">
        <Targets>
            <Target path="."/>
        </Targets>
    </Configuration>